If you suspect an active attack on your business, call our emergency hotline at: 612-399-9680
If you suspect an active attack on your business, call our emergency hotline at: 612-399-9680
Alpha Comply Login »
Blue Team Alpha - Alpha Risk Logo

Cybersecurity Risk Assessment Services

Home » Incident Response » Compromise Assessment

Compromise Assessments Services

Most attackers remain active in an organization’s network and applications for a significant period of time before acting or being discovered. Unfortunately, the average dwell time (the time between an attack penetrating a network’s defenses and being discovered) ranged from 43 to 895 days for SMBs, according to a recent report. The same report found that the average dwell time for confirmed, persistent malware was 798 days. Dwell time for riskware—including unwanted applications, web trackers, and adware—averaged 869 days. The longer an attacker dwells in your network, the greater the risk of compromise and ransomware.

Learn More About AlphaRisk

How Blue Team Alpha Can Help

The Compromise Assessment service from Blue Team Alpha assesses your environment for Indicators of Compromise, helping to answer the question: “Is an attacker in my environment?” The main purpose and goal of the assessment service is to identify if there has been a breach of your system. If our team discovers there has been a breach, we can act rapidly and seamlessly transition over to our Incident Response and Remediation service.

Our Compromise Assessment team is composed of highly-skilled individuals with extensive knowledge and real-world experience in cybersecurity attacks and threats. An appropriate team will be built for your business risk and needs, and may contain some or all of the following types of individuals:

  • Scrum Leaders
  • Penetration Testers
  • Certified Information Security Professionals
  • Security Analysts
  • Certified Incident Handlers
  • Compromise Assessment Experts

These assessments are conducted on one or both of the below environments:

1. On-premises network environment
2. Cloud email service

We follow a rigorous methodology when conducting each type of Compromise Assessment.

Request More Information About AlphaRisk Cybersecurity Risk Assessment

CONTACT US TODAY

On-premises Network Compromise Assessment

An on-premises network compromise assessment includes the following phases and deliverables:

number 1

Discovery

  • Assist and support development of action plan-based business environment, business operations, business needs, resource availability, and current state of environment
  • Gain network/host access
  • Gain access to all hardware devices (i.e. firewalls, routers, switches, etc.) and perform preliminary analysis
  • Compare configuration of hardware devices to known “good” configuration
  • Determine the logs available for harvesting, retention, and review
  • Determine the size and date range of logs to audit
  • Conduct a preliminary analysis
  • Determine adversary lateral movement vectors within the environment
  • Monitor tooling to identify currently unknown adversary implants and persistence capailities
  • Analyze proccess chain, file system modifications, and network connections
  • Utilize Custom SQL queries to characterize all assets being monitored
  • Monitor contest into user access, schedule tasks, and network activity
  • Place machines into appropriate mode (policy controlled, monitor, by-pass)
number 2

Identification / Assessment

  • Perform custom queries on all endpoints to identify any malicious behaviors
  • Review current configurations for network architecture device(s) such as switchers, routers, firewalls, and other identified hardware
number 3

Analysis

  • Perform analysis on hardware configurations and logs
  • Perform analysis on suspicious behaviors identified using industry vetted watchlists and threat profiles
compromise_robot
number 4

Reporting

  • Creation of final report
  • Gather all relevant data, findings, and information related to the incident
  • Present final report to client and any other appropriate parties

Cloud Email Service Compromise Assessment

A cloud email service compromise assessment covers the same phases and deliverables and includes:

number 1

Discovery

  • Support development of action plan-based business enviroment, business operations, business needs, resource availability, and current state of environment
  • Gain access to email service and perform preliminary analysis
  • Compare to known “good” configuration, if available
  • Determine the logs available for harvesting, retention, and review
  • Determine the size and date range of logs to audit
  • Conduct preliminary analysis
  • Analyze logins, user activity,  and connections
  • Monitor content into user access and email activity
number 2

Identification / Assessment

  • Perform custom queries on all email mailboxes to identify any malicious behaviors
number 3

Analysis

  • Perform analysis on email service configurations and logs
  • Perform analysis on suspicious behaviors identified using industry vetted watchlists and threat profiles
compromise_city
number 4

Reporting

  • Creation of final report
  • Gather all relevant data, findings, and information related to the incident
  • Present final report to client and any other appropriate parties

Don’t allow an attacker to go unnoticed in your network. 

Take the necessary steps now to make sure your network and systems are safe and secure.

Contact Blue Team Alpha today and answer the question: "Is there an attacker in my environment?"
CONTACT US TODAY

Services

About

Twitter Linkedin Facebook Instagram

Quick Links

Contact

Emergency Hotline            612-399-9680
General Number
612-888-9674
Mailing Address
1360 University Ave Ste 104 Unit 122
St. Paul MN 55104

© Copyright 2021 Blue Team Alpha. All Rights Reserved. Privacy Policy & Terms of Service
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.